GDPR TEST by admin | Feb 10, 2021 | 0 comments Welcome to GDPR TEST Lawful processing Before you use somebody’s data, do you need to get their approval (consent)? Yes, always, without the agreement of the individual it is illegal to use their data No, only if you want to use financial data (e.g. Credit card number) Depends on what you want to use the data for and what type of relation you have with the person whose data you want to use When you are using your employees' social security number in an HR context, you are doing so based on which of the following legal grounds? Consent Legitmate interest Contract performance "Which of the following is true? A. Personal data retrieved from a public source can be used for direct marketing purposes, if that public source is the social media. B. Personal data made public by a person can without any condition be used for direct marketing purposes. Public information is for everyone to use." only A only B A and B none of these is true "..by continuing to use this website you agree for us to use advertising cookies" is OK, because you have informed the website visitors about the use of such cookies Not lawful Is direct marketing permitted under GDPR? Yes, without condition Yes, with condition No Can I make it mandatory for someone to share their name and e-mail address with my organisation, as a condition to participate in a free competition that my organisation launches, so that I can send out direct marketing material later? Yes, if the individual is an adult Yes, if it is free to enter the competion No RoPA What is a RoPA in GDPR? Register of Procurement Actions Register of Privacy Assessments Records of Processing Activities The Records of Processing Activities is A legal requirment for controllers AND processors A legal requirment for controllers OR processors A legal requirment for controllers only Where a Controller RoPA is required and, where possible, it must contain which of the following? Processor contact details Description of DPIAs Time limits for erasure The Records of Processing Activities must be kept regarding Finance and HR processes Sales and Finance processes All processes that involve personal data In what form must a RoPA be maintained? By using a software Printed on paper In writing, including in electronic form DSRR Someone's asking if my organisation is processing data on him. Do I have to answer? Yes No Which of the following is true? Controller A must facilitate personal data transfer directly to Controller B where … …technically possible …a fee has been paid for this transfer …a contract mandates the transfer Should I inform the person that I am collecting personal data from them for direct marketing purposes? Yes No, it will be evident when they receive the brochure "The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. Which of the below is considered personal data? A. Badge number B. Credit Score C. Names of the parents, mother tongue D. The story of clicks on your website, IP address" A and B B and C A, B and C A, B, C and D Who is a data subject? Only former, potential and current employees Only former, potential and current customers Any living person your organisation processes personal data about Whoever your organisation ever processed personal data about Privacy notice Is it true that only companies having a website are required under GDPR to publish information (also often referred to as privacy notice) about their data processing? Yes No Which of the following is true? A privacy policy is a clear communication given to the data subjects about the essence of the data processing. It is mandatory to have a privacy lawyer write the privacy notice for your organisation. As long as your organisation has used a free template available on the internet, it ensures that your privacy notice will be correct and complete. Contentwise it is laid down in the GDPR what details must be given to the data subjects, when their personal data is obtained directly from them and in case you have obtained their data indirectly from another source. Is it true that a privacy notice has to be as complex as possible, to make sure every detail is included? Yes No Is it good practice to copy a privacy notice that another organisation has published on its website? Only if that another company has dealings in the same industry as your organisation. Only if that privacy notice has recently been updated. It would be a terrible idea Is it true that your organisaton´s privacy notice must include the name and contact details of your Data Protection Officer? No, only the name No, only the contact details Yes Time is Up! Time's up Submit a Comment Cancel replyYour email address will not be published. Required fields are marked *Comment * Name * Email * Website Save my name, email, and website in this browser for the next time I comment.
Recent Comments